Package name: xorg-x11
Date: August 24th, 2006
Advisory ID: MDKSA-2006:148
Affected versions: CS3.0, 2006.0

Problem Description

An integer overflow flaw was discovered in how xorg-x11/XFree86 handles
PCF files. A malicious authorized client could exploit the issue to
cause a DoS (crash) or potentially execute arbitrary code with root
privileges on the xorg-x11/XFree86 server.

Updated packages are patched to address this issue.

Updated Packages

Corporate Server 3.0

 b8ec2f34a2de5dcce58c767d7acb9742  corporate/3.0/RPMS/libxfree86-4.3-32.6.C30mdk.i586.rpm
 17ef760371f3c6132ffbeb16b8cc334f  corporate/3.0/RPMS/libxfree86-devel-4.3-32.6.C30mdk.i586.rpm
 0dfdac241d26016477688c7cdafa9954  corporate/3.0/RPMS/libxfree86-static-devel-4.3-32.6.C30mdk.i586.rpm
 b3c9d0af6cd576695f42646b0e64823b  corporate/3.0/RPMS/X11R6-contrib-4.3-32.6.C30mdk.i586.rpm
 68c7ceffb72aa9962ff785470a4420eb  corporate/3.0/RPMS/XFree86-100dpi-fonts-4.3-32.6.C30mdk.i586.rpm
 f6c0dcbb55abfdb3fe731e7a02a516d7  corporate/3.0/RPMS/XFree86-4.3-32.6.C30mdk.i586.rpm
 691a6da2b476618b92410b54b2cc659e  corporate/3.0/RPMS/XFree86-75dpi-fonts-4.3-32.6.C30mdk.i586.rpm
 7d86c5eed71597a8ccb9615dbdcd203e  corporate/3.0/RPMS/XFree86-cyrillic-fonts-4.3-32.6.C30mdk.i586.rpm
 54890690be35fa07c24a153294b4f047  corporate/3.0/RPMS/XFree86-doc-4.3-32.6.C30mdk.i586.rpm
 ad22989ca3a580e832224a032ccb2e5f  corporate/3.0/RPMS/XFree86-glide-module-4.3-32.6.C30mdk.i586.rpm
 67f5e5000b538a5df6dd7d999acfaecd  corporate/3.0/RPMS/XFree86-server-4.3-32.6.C30mdk.i586.rpm
 db5ba130a18b93d416e781b77e48b752  corporate/3.0/RPMS/XFree86-xfs-4.3-32.6.C30mdk.i586.rpm
 2c09fd4d1a1b61a1170c6d50eb675979  corporate/3.0/RPMS/XFree86-Xnest-4.3-32.6.C30mdk.i586.rpm
 70b0c2ec881d07f1db12921d072b77d6  corporate/3.0/RPMS/XFree86-Xvfb-4.3-32.6.C30mdk.i586.rpm
 61d6302023daef2488822d0146d73baf  corporate/3.0/SRPMS/XFree86-4.3-32.6.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 40d18d307b0d7ebcc665559a31226c97  x86_64/corporate/3.0/RPMS/lib64xfree86-4.3-32.6.C30mdk.x86_64.rpm
 b482d0e7d223afeda7c15a78dc91f526  x86_64/corporate/3.0/RPMS/lib64xfree86-devel-4.3-32.6.C30mdk.x86_64.rpm
 4850377b6975c3b6747ced40f77fefda  x86_64/corporate/3.0/RPMS/lib64xfree86-static-devel-4.3-32.6.C30mdk.x86_64.rpm
 962df4b68d2ac9b94540b1f12b5daeb4  x86_64/corporate/3.0/RPMS/X11R6-contrib-4.3-32.6.C30mdk.x86_64.rpm
 a7ef4764f0e80e25f46d8118ea926eb0  x86_64/corporate/3.0/RPMS/XFree86-100dpi-fonts-4.3-32.6.C30mdk.x86_64.rpm
 93da80be668a3feeb55cbf418e9ca3ba  x86_64/corporate/3.0/RPMS/XFree86-4.3-32.6.C30mdk.x86_64.rpm
 cb6db58a236a35a6923f475b595426fa  x86_64/corporate/3.0/RPMS/XFree86-75dpi-fonts-4.3-32.6.C30mdk.x86_64.rpm
 5243dcbb796550a6c3cb6097ef0e8b93  x86_64/corporate/3.0/RPMS/XFree86-cyrillic-fonts-4.3-32.6.C30mdk.x86_64.rpm
 7212b487461c2f16c7b53adc6883bc9e  x86_64/corporate/3.0/RPMS/XFree86-doc-4.3-32.6.C30mdk.x86_64.rpm
 059398da9ef868e4c445a3c3963804d7  x86_64/corporate/3.0/RPMS/XFree86-server-4.3-32.6.C30mdk.x86_64.rpm
 7fa19747b99f4ddda0fa8bedc4e08e2b  x86_64/corporate/3.0/RPMS/XFree86-xfs-4.3-32.6.C30mdk.x86_64.rpm
 01fc36b3ec6878c51a61ec35f0e98328  x86_64/corporate/3.0/RPMS/XFree86-Xnest-4.3-32.6.C30mdk.x86_64.rpm
 be65abdd2513cf7e687542a12638e907  x86_64/corporate/3.0/RPMS/XFree86-Xvfb-4.3-32.6.C30mdk.x86_64.rpm
 61d6302023daef2488822d0146d73baf  x86_64/corporate/3.0/SRPMS/XFree86-4.3-32.6.C30mdk.src.rpm

Mandriva Linux 2006

 e96690462ea6e57335b457d763e26b80  2006.0/RPMS/libxorg-x11-6.9.0-5.8.20060mdk.i586.rpm
 31f632a499f6a55459ce5446ad5871b5  2006.0/RPMS/libxorg-x11-devel-6.9.0-5.8.20060mdk.i586.rpm
 1c0eda1098546a703159832671e10e99  2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.8.20060mdk.i586.rpm
 5ac9c8c715cb5df656ccbacec5a87dae  2006.0/RPMS/X11R6-contrib-6.9.0-5.8.20060mdk.i586.rpm
 ac15309aaeb2a021658314afde737da4  2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.8.20060mdk.i586.rpm
 f155986261ac4d70982f68b51a38c3dc  2006.0/RPMS/xorg-x11-6.9.0-5.8.20060mdk.i586.rpm
 1c7afcc1116ae6db0df1fbec846c552f  2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.8.20060mdk.i586.rpm
 2273cbc4aac47f3060e39a5bebc69392  2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.8.20060mdk.i586.rpm
 f67859d61e75afe3bcc1e481e346c72c  2006.0/RPMS/xorg-x11-doc-6.9.0-5.8.20060mdk.i586.rpm
 f2685335f3b56d1e4d00f629fc4c4bad  2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.8.20060mdk.i586.rpm
 dbb7aecf3aa04ebdd98ce07a2d8e7ba5  2006.0/RPMS/xorg-x11-server-6.9.0-5.8.20060mdk.i586.rpm
 bdb37de9d95ac078fa2e1a0e87de7a5e  2006.0/RPMS/xorg-x11-xauth-6.9.0-5.8.20060mdk.i586.rpm
 06022dee267d75d01ff580a9e7afa3d4  2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.8.20060mdk.i586.rpm
 483903328a38387fc0d0584e5478d474  2006.0/RPMS/xorg-x11-xfs-6.9.0-5.8.20060mdk.i586.rpm
 6c720d145e82cfa47b3ffabae2b5493a  2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.8.20060mdk.i586.rpm
 bc7b594caa1d2142eb32f25e5a8bbf57  2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.8.20060mdk.i586.rpm
 5861d29021e989dd2ebcc668c6620444  2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.8.20060mdk.i586.rpm
 5915dadb375c54be929c6f336b7c0231  2006.0/SRPMS/xorg-x11-6.9.0-5.8.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 2f0e74defdcef7544d949eaef81051b7  x86_64/2006.0/RPMS/lib64xorg-x11-6.9.0-5.8.20060mdk.x86_64.rpm
 f9dca9d58a256e537586df14f0f3709b  x86_64/2006.0/RPMS/lib64xorg-x11-devel-6.9.0-5.8.20060mdk.x86_64.rpm
 ff60d844dbf4f376a2e7ec5468cd5701  x86_64/2006.0/RPMS/lib64xorg-x11-static-devel-6.9.0-5.8.20060mdk.x86_64.rpm
 3d7251620e95952a72708a25a9d6b9ad  x86_64/2006.0/RPMS/X11R6-contrib-6.9.0-5.8.20060mdk.x86_64.rpm
 ae47c639f87ca7238c54449e4dac06e4  x86_64/2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.8.20060mdk.x86_64.rpm
 a9b1178ae4b51e0f04ca6ab305b7dd00  x86_64/2006.0/RPMS/xorg-x11-6.9.0-5.8.20060mdk.x86_64.rpm
 1c53adb504f5bdd86123e8cc470e2316  x86_64/2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.8.20060mdk.x86_64.rpm
 49f3696276eb8d8db9894ad74aa300e7  x86_64/2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.8.20060mdk.x86_64.rpm
 f2b94e866eeafb9db914990f19ace8c7  x86_64/2006.0/RPMS/xorg-x11-doc-6.9.0-5.8.20060mdk.x86_64.rpm
 f31dd3184054ea253f98e9b628a835e4  x86_64/2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.8.20060mdk.x86_64.rpm
 2f17814f669ec11941bf1a8d72213cfa  x86_64/2006.0/RPMS/xorg-x11-server-6.9.0-5.8.20060mdk.x86_64.rpm
 b55e6ba22af3d404d83a4e6c762620b1  x86_64/2006.0/RPMS/xorg-x11-xauth-6.9.0-5.8.20060mdk.x86_64.rpm
 130f98fbbbd53c49f1af4a174ce46d48  x86_64/2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.8.20060mdk.x86_64.rpm
 263baf4aa6f429af65a4f22c25b1f967  x86_64/2006.0/RPMS/xorg-x11-xfs-6.9.0-5.8.20060mdk.x86_64.rpm
 893c19c630ef1c6adcc189c7e87fd533  x86_64/2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.8.20060mdk.x86_64.rpm
 9e83acc573420cebe10682e38e9435ac  x86_64/2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.8.20060mdk.x86_64.rpm
 7d562d5dcccc236eee9e9b62e68297f4  x86_64/2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.8.20060mdk.x86_64.rpm
 5915dadb375c54be929c6f336b7c0231  x86_64/2006.0/SRPMS/xorg-x11-6.9.0-5.8.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.
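
For a manual upgrade, the check described above can be scripted as follows. This is an added example, not part of the original advisory; it assumes the advisory text has been saved to a file, that md5sum is installed, and the names check_manifest, verify_dir and verify.sh are hypothetical.

```shell
#!/bin/sh
# Added example: check downloaded RPMs against an advisory package list.
# Manifest lines look like "<md5>  <path/to/package.rpm>"; headings and blank
# lines are skipped.

# check_manifest MANIFEST DIR
# Prints OK/MISMATCH for every listed package present in DIR.
# Returns 1 if any digest differs.
check_manifest() {
    manifest=$1; dir=$2; rc=0
    while read -r want path || [ -n "$want" ]; do
        case $want in
            ''|*[!0-9a-f]*) continue ;;   # not a hex digest: heading or blank
        esac
        [ "${#want}" -eq 32 ] || continue # MD5 is 32 hex characters
        name=${path##*/}                  # match on file name, ignore mirror path
        [ -f "$dir/$name" ] || continue   # package not downloaded
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            rc=1
        fi
    done < "$manifest"
    return "$rc"
}

# verify_dir MANIFEST DIR
# Digest check first, then the GPG signature check from the advisory.
verify_dir() {
    check_manifest "$1" "$2" || return 1
    for f in "$2"/*.rpm; do
        [ -f "$f" ] || continue
        rpm --checksig "$f" || return 1
    done
}

# Run only when called as: sh verify.sh advisory.txt /path/to/downloads
if [ "$#" -eq 2 ]; then
    verify_dir "$1" "$2"
fi
```

A matching MD5 only shows that the download is the file the advisory lists; the rpm --checksig step, with the Mandriva Security Team key imported, is what authenticates the package.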